Cyber Incident Victim: University of California, Berkeley
Date: Jan 2021
Location: United States of America
Summary
The University of California, Berkeley suffered a data breach stemming from a cyber-attack targeting Accellion, a third-party file transfer service used by the institution. Attackers exploited a vulnerability in Accellion's system to access sensitive data, subsequently sending emails to multiple employees containing samples of stolen personal information and threats to release the data. The breach was isolated to the Accellion platform, with no compromise of other university systems confirmed. An investigation is underway to determine the full scope and identify affected individuals, who will be notified if their data was exposed. The attackers publicly disclosed screenshots of personal information, prompting the university to warn against engaging with suspicious communications.
Description
In March 2021, the University of California, Berkeley (UC Berkeley) confirmed a data breach linked to a cyber-attack targeting Accellion, a third-party secure file transfer service provider. The incident began with a January 2021 intrusion against Accellion’s systems, which UC Berkeley utilized for file transfers. On March 29, 2021, multiple university employees received emails from an unidentified actor claiming their data had been stolen and threatening to release it. These emails contained links displaying samples of compromised personal information belonging to UC employees. UC Berkeley attributed the breach directly to the Accellion compromise, clarifying that attackers exploited a vulnerability in Accellion’s system to access university data. The University of California Office of the President (UCOP) publicly confirmed the attack’s connection to Accellion on March 31, emphasizing that the intrusion was isolated to the Accellion environment and did not compromise other UC systems or networks.

UC Berkeley initiated a coordinated response with UCOP to investigate the breach’s scope and identify affected individuals. The university advised community members to report suspicious emails without interacting with links or senders. UCOP launched a review of files believed to have been exfiltrated during the attack, intending to notify impacted parties once the analysis concluded. The attackers publicly disclosed screenshots of personal information, prompting UC to commit to notifying individuals if their data appeared in these leaks. This incident mirrored attacks on other Accellion customers, including the Reserve Bank of New Zealand and Australia’s QIMR Berghofer Medical Research Institute, highlighting the supply chain vulnerability. No specific details regarding the number of affected individuals or the full extent of data exposure were disclosed during the initial response phase.
